General questions Flashcards

1
Q

What type of information does a control risk use?

A

Financial information

Control risks specifically apply to financial information, where they may affect the integrity or availability of that information.

2
Q

Dave has been required to build his company’s security policies. Which of the following policies is commonly put in place for service accounts?

A

They cannot use interactive logins

It is common practice to prohibit interactive logins to a GUI or shell for service accounts. Use of a service account for interactive logins or attempting to log in as one should be immediately flagged and alerted on as an indicator of compromise (IoC).

3
Q

What type of technique is commonly used by malware creators to shift the signature of malware to prevent detection by antivirus tools?

A

Refactoring

Refactoring a program by automated means can include adding additional text, comments, or nonfunctional operations so that the program has a different signature without changing its operations. This is typically not a manual operation, because antimalware tools can quickly find new versions. Instead, refactoring is done via a polymorphic or code mutation technique that changes the malware every time it is installed, to help avoid signature-based systems.

4
Q

Bruce needs a cryptographic algorithm that provides low latency. What type of cryptosystem is most likely to meet this performance requirement?

A

Symmetric encryption

A symmetric cryptosystem will typically perform faster and with less processor overhead, and thus with lower latency, than an asymmetric cryptosystem. Hashing is not encryption, and one-time pads are not implemented in modern cryptosystems, although they may have uses in future quantum cryptographic solutions.

5
Q

Luna needs to capture the contents of physical memory by using a command-line tool on a Linux system. Which of the following tools can be used for this task?

A

memdump

The memdump tool is a command-line memory dump utility that can dump physical memory. Somewhat confusingly, memdump is also a flag in the very useful Volatility framework, where it can be used to dump memory as well. The remaining options were made up and are not Linux tools, although you can create a ramdump on Android devices.

6
Q

Selina needs to determine the services running on a remote machine and label them with service names and other general details. Of the following tools, which one will not give her that information?

A

netcat

Although all of the tools listed can perform a port scan and identify open ports, netcat is the only one that does not also integrate automated service identification.

7
Q

Which of the following terms describes a military strategy for political warfare that merges conventional warfare, irregular warfare, and cyberwarfare with fake news, social media influence strategies, diplomatic efforts, and manipulation of legal activities?

A

Hybrid warfare

8
Q

Carly has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?

A

MAC

Mandatory access control (MAC) will not allow lower-privileged users to even see data at a higher privilege level.

9
Q

Nathan runs a vulnerability scan using up-to-date definitions against a system that he knows has a vulnerability in the version of Apache it is running. When he reviews the report, the scan does not show that issue. What has Nathan encountered?

A

A false negative

A false negative occurs with a vulnerability scanning system when a scan is run and an issue that exists is not identified.

10
Q

Your security manager needs to determine which risks to minimize based on cost. This is an example of:

A

Quantitative risk assessment is the process of assigning numerical values to the probability an event will occur and what impact the event will have.

11
Q

Your company has produced some new security directives. One of these new directives is that all documents must be shredded before being thrown out. Which of the following types of attack is this attempting to prevent?

A

Dumpster diving

12
Q

Olivia has issued Android tablets to staff in her production facility, but cameras are banned due to sensitive data in the building. What type of tool can she use to control camera use on all of the corporate devices that her organization issues?

A

MDM

A mobile device management (MDM) tool allows control of the devices, which would let Olivia lock out the cameras and prevent staff members from using the tablets to take pictures.

13
Q

Gabriel wants to enforce a wide variety of settings for devices used in her organization. Which of the following methods should she select if she needs to manage hundreds of devices while setting rules for use of SMS and MMS, audio and video recording, GPS tagging, and wireless connection methods like tethering and hotspot modes?

A

Use a UEM tool and application to manage the devices.

A universal endpoint management (UEM) tool can manage desktops, laptops, mobile devices, printers, and other devices. UEM tools often use applications deployed to mobile devices to configure and manage them.

14
Q

How does asymmetric encryption support nonrepudiation?

A

Using digital signatures

Digital signatures that use a sender’s private key provide nonrepudiation by allowing a sender to prove that they sent a message.

15
Q

Manus is concerned about someone using a password cracker on computers in his company. He is concerned that crackers will attempt common passwords in order to log in to a system. Which of the following would be best for mitigating this threat?

A

Account lockout policies

Accounts should lock out after a small number of login attempts. Three is a common number of attempts before the account is locked out.

16
Q

The virtual machine cluster that Brian is responsible for has experienced a major failure in its primary controller. The entire company is offline, and users cannot reach the company's website, which is its primary business. What type of disaster is this?

A

An internal disaster

This is an internal disaster — one in which internal issues have led to a problem.

17
Q

When a program has variables, especially arrays, and does not check the boundary values before inputting data, what attack is the program vulnerable to?

A

Buffer overflow

A buffer overflow is possible when boundaries are not checked and the attacker tries to put in more data than the variable can hold.

18
Q

Joce has been asked to implement a directory service. Which of the following technologies should she deploy?

A

LDAP

The only directory service listed is the Lightweight Directory Access Protocol (LDAP).

19
Q

Your company relies heavily on cloud and SaaS service providers such as salesforce.com, Office365, and Google. Which of the following would you have security concerns about?

A

SAML

Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML)-based framework for creating and exchanging security information between partners online.

20
Q

Endpoint detection and response has three major components that make up its ability to provide visibility into endpoints. Which of the following is not one of those three parts?

A

Malware analysis

Endpoint detection and response (EDR) focuses on identifying anomalies and issues, but it is not designed to be a malware analysis tool.

21
Q

What steps of handling a disaster are covered by a disaster recovery plan?

A

What to do before, during, and after the disaster.

Disaster recovery requires forethought and preparation, response to issues as they arise, and minimizing impact during a disaster.

22
Q

Which of the following lessens the success of dictionary password attacks?

A

Password complexity requirements

Complex password enforcement means that dictionary words or username variations, to name just a few, cannot be used as passwords.

23
Q

The company that John works for has experienced a data breach, and the personal information of thousands of customers has been revealed. What impact category is not a concern as described in this scenario?

A

Availability loss

This description does not include any risk to availability since there is no information about the system or services being down or offline.

24
Q

Ricky needs to present information from his company's risk register in a format that is easy to understand and ranks the risks. Which of the following common tools is used to help management quickly understand the relative rankings of risks?

A

A heat map

Risk heat maps or a risk matrix allow an organization to quickly look at risks and compare them based on their probability and impact or other rating elements.

25
Q

Which of the following is the best description for a collection of computers that have been compromised and are being controlled from one central point?

A

Botnet

A collection of computers that have been compromised and are then centrally controlled to perform actions like DoS attacks, data collection, and other malicious activities is called a botnet.

26
Q

Patching systems immediately after patches are released is an example of what risk management strategy?

A

Avoidance

Patching is a form of avoidance because it works to remove risk from the environment. Acceptance of flaws that need patching would involve leaving the software unpatched.

27
Q

Which of the following would stop a person from installing a program on a company-owned mobile device?

A

An allow list

Allow lists are lists of approved software. Software can only be installed if it is on an allow list. Deny lists block specific applications, but they cannot account for every possible malicious application.

28
Q

What type of attack uses a second wireless access point (WAP) that broadcasts the same SSID as a legitimate access point, in an attempt to get users to connect to the attacker's WAP?

A

Evil twin

Evil twin attacks use a malicious access point configured to appear identical to a legitimate AP.

29
Q

Thara is concerned about staff in her organization sending email with sensitive information like customer Social Security numbers (SSNs) included in it. What type of solution can she implement to help prevent inadvertent exposures of this type of sensitive data?

A

DLP

Data loss prevention (DLP) tools allow sensitive data to be tagged and monitored so that if a user attempts to send it, they will be notified, administrators will be informed, and if necessary, the data can be protected using encryption or other protection methods before it is sent.

30
Q

Spyware is an example of what type of malicious software?

A

A PUP

Spyware and adware are both common examples of a PUP or potentially unwanted program.

31
Q

Mark is working for a government agency that has received a Freedom of Information Act (FOIA) request and has to provide the requested information from its email servers. What is this process called?

A

e-discovery

Electronic discovery (e-discovery) is the process of identifying and producing electronic records as part of a legal proceeding involved in litigation.

32
Q

Amanda’s company has adopted multiple software-as-a-service (SaaS) tools and now wants to better coordinate them so that the data that they each contain can be used in multiple services. Which of the following types of solutions should she recommend if she wants to reduce the complexity of long-term maintenance for her company?

A

Adopt an integration platform to leverage scalability

Services integration in cloud and virtualization environments can be very complex and can involve data, APIs, and other types of application integration. Integration platforms allow organizations to use a standardized tool rather than building and maintaining their own. This allows them to focus on the actual integrations rather than the underlying system, saving time and effort.

33
Q

Mark is responsible for managing his company’s load balancer and wants to use a load-balancing scheduling technique that will take into account the current server load and active sessions. Which of the following techniques should he choose?

A

Least connection

Least connection load balancing takes the current load into consideration and sends the next request to the server with the fewest active sessions.

34
Q

Henry has to create a checklist with all the steps to respond to a specific incident. What type of artifact should he make to do so in his security orchestration, automation, and response (SOAR) environment?

A

A playbook.

A playbook lists the steps required to address an incident. A runbook focuses on the steps to perform a single action or process as part of an incident response process.

35
Q

Which type of credential policy is typically made to deal with contractors and consultants?

A

Third-party policy

A third-party policy addresses how contractor and consultant credentials are handled. This may require sponsorship by an internal staff member.

36
Q

Elaine needs to identify what websites a user has recently visited using the contents of a forensically acquired hard drive. Of the following locations, which one would not be helpful for her investigation?

a) the browser cache
b) the browser’s bookmark
c) the browser’s history
d) session data

A

The browser’s bookmark

37
Q

Patrick wants to contract with a company for data center space that is equipped and ready to go, so that he can bring his data to the location in the event of a disaster. What type of disaster recovery site is he seeking?

A

A warm site

Patrick is looking for a warm site, which has some or all of the infrastructure and systems he needs but does not have data.

38
Q

Samantha is carrying out an exercise for her organization and wants to run an exercise that is as close to an actual event as possible. What type of event should she run to help her organization get this type of real-world practice?

A

A simulation

A simulation is the closest you can get to a real-world event without having one.

39
Q

Harry films a video of the removal of a drive from a system while preparing for a forensic investigation. What is the most likely reason for his action?

A

To document the chain of custody and provenance of the drive

Harry’s most likely use for the video is to document the forensic process, part of the chain of custody, and provenance of the forensic data he acquired.

40
Q

Mary is responsible for database management and security. She is trying to remove redundancy in the database. What is this process called?

A

Normalization

Normalization is the process of removing duplicate or redundant data from a database. There are typically four levels of normalization, ranging from 1N at the lowest to 4N at the highest.

41
Q

Jim needs to find a common set of tools for security and risk management for his infrastructure as a service (IaaS) environment. Which organization provides a vendor-neutral reference architecture that he can use to verify his design?

A

The Cloud Security Alliance

The Cloud Security Alliance's reference architecture includes information about tools in a vendor-neutral manner.

42
Q

Alex is starting his risk assessment for the company and has not yet started to implement controls. What kind of risk does his company have?

A

Inherent risk

Inherent risk is the risk that an organization faces before controls are put in place. Without risk assessment and controls in place, Alex must first deal with the inherent risks the organization has as it exists today.

43
Q

Patrick is assessing an organization and finds that it has numerous multifunction printers (MFPs) that are accessible from the public Internet. What is the most critical security problem he should identify?

A) The printers may allow attackers to access other parts of the company network.

B) Third parties could print to the printers, using up the supplies.

C) The scanners may be accessed to allow attackers to scan documents that are left in them.

D) The printers could be used as part of a DDoS attack.

A

The printers may allow attackers to access other parts of the company network.

44
Q

What type of communications is SRTP most likely to be used for?

A

VoIP

SRTP is the secure version of the Real-time Transport Protocol (RTP) and is used primarily for voice over IP (VoIP) and multimedia streaming or broadcast.

45
Q

Which of the following agreements is less formal than a traditional contract but still carries importance for all parties involved?

A

MOU

A memorandum of understanding (MOU) is a type of agreement that is usually not legally binding. This agreement is intended to be mutually beneficial without involving courts or money.